trouble settiing up pptp! - pings ok w/routers not clients

Post new topic   Reply to topic    DD-WRT Forum Index -> Generic Questions
Goto page 1, 2  Next
Author Message
dueport
DD-WRT Novice


Joined: 29 Sep 2006
Posts: 12

PostPosted: Sat Sep 30, 2006 4:33    Post subject: trouble settiing up pptp! - pings ok w/routers not clients Reply with quote
Hey all,
So I've been working this to death and have finally given up on using openvpn with dd-wrt as it seems you need additional storage to get that solution to work. Instead, I choose to establish (or try) a vpn using pptp. I followed these steps exactly:

http://www.dd-wrt.com/wiki/index.php/Point-to-Point_PPTP_Tunneling_with_two_DD-WRT

Using the same version of the firmware used there at 2 seperate sites (a wrt54gl and a wrt54g).

Here's the problem: it seams to connect - if I telnet and ping into both routers I can ping accross the vpn to machines at the other site. BUT I cannot ping (or talk in any way) to remote machines unless I'm working directly in the router as I mentioned with telnet or ssh. Instead, if I try to ping a remote site on a client machine I get the following error:

"PING 192.168.2.70 (192.168.2.70): 56 data bytes
ping: sendto: No route to host
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down...."

This happens on every remote machine I try to ping. The only a ping will work is if I try the address of the remote router. I think this has something t do with my routing tables (I have only 3, not the 6 that the wiki says I should - but I followed every step!). Can anyone point me in the right direction here - what am I doing wrong and what can I do do get pings/traffic to cross beyond the router and to the clients behind the router? I want clients on one side of the vpn to ping other clients and have them work right - any ideas? Thanks!
Sponsor
Digidat
DD-WRT Novice


Joined: 01 Oct 2006
Posts: 14

PostPosted: Sun Oct 01, 2006 21:55    Post subject: Same Problem Here ! Reply with quote
Hi Dueport,

I have exactly the same problem as you have.
I have 2 WRT54GS boxes with DD-wrt V23SP1 Final VPN (So not STD)
Router A is the PPTP Server and has LAN IP: 192.168.4.250 / Subnet Mask: 255.255.255.0
Router B is the PPTP Client and has LAN IP: 192.168.5.250 / Subnet Mask: 255.255.255.0
The VPN Client IP Range is 192.168.4.151-160
On the Client (Router B) I use Subnet: 192.168.4.0 / Subnet Mask 255.255.255.0 for the PPTP VPN Connection.

When I have a telnet session with Router A I can ping the LAN side of router B and also the clients that are connected to Router B
This also works with a telnet session from router B to router A

The funny thing is I can ping the local IP numbers of the Routers
So if I have a telnet session with the PPTP Server Router A (IPnr 192.168.4.250) I can ping the PPTP Client on 192.168.5.250
Also I can use my browser on a client pc connected to Router A to connect directly to the DD-WRT interface of Router B
So my client PC has IPnr 192.168.4.50 and I can directly browse to the DD-WRT interface of Router B with IPnr 192.168.5.250
My Conclusion: there is somesort of connection between my two sites, but not a complete one.
I cannot ping or RDP to any clients connected to Router B from a client connected to Router A
The second funny thing is that a simple WinXP VPN Dailup Connection from a client pc connected to Router B to Router A works connects perfect (So the setup of my PPTP Server Router A is ok)
That Client gets IPnr 192.168.4.152.
This also tels me that IPnr 192.168.4.151 is already in use and it can only be by the router B VPN Connection.

Firewalls etc are all disabled so that is not the problem
I think you are right that it is routing problem and I also have only 3 lines (instead of 6) in my Routing Table (as Wiki said)
I have been playing aroung with it on and of for a total of weeks now
Any sollution would be great, because I am at a loss (maybe I have a setting wrong with my local Network or something which bypasses the VPN connection)

PLSSSSSS.....HELPPPPPPPP ANYONE !!!!!!! Crying or Very sad
dueport
DD-WRT Novice


Joined: 29 Sep 2006
Posts: 12

PostPosted: Mon Oct 02, 2006 0:47    Post subject: Reply with quote
Wow sorry to hear you're having the same troubles but I have to say I'm glad I'm not the only one! Smile It sounds like you're having the exact same troubles with the ping issue. I wasn't sure though - do you have the server setup on both sides like the wiki said?

That's really interesting that you are also lacking the extra lines on your routing table....I wonder what's going on here....

I thought maybe there's a setting off too - like the DNSmasq thing or NAT setting on the client settings but playing with those didn't seem to do anything.

I noticed something in this wiki though:
http://www.dd-wrt.com/wiki/index.php/PPTP_Server_Configuration

Down towards the end they mentioned "Another issue in v.23 is that outgoing pptp-trafic cannot pass-through the router with pptp-server enabled. There is a fairly complicated fix for this issue in the dd-wrt forum." I wonder if this is why we're having the problem if the server is enabled on both sides....I would think that this issue would also bar pings from passing through but if it's a bug maybe it is inconsistent in what can and cannot go through.....either way, I don't know if this applies or where, in the forums this "fix" can be found......

......anyone with an idea out there?
dueport
DD-WRT Novice


Joined: 29 Sep 2006
Posts: 12

PostPosted: Mon Oct 02, 2006 18:23    Post subject: Reply with quote
Okay, using the "route" command at the cli, I was able to get a better expression of what routes the machines are actually using - the web gui is still incomplete when I ask for the routes there. As you can see it appears that the routes are all setup and I do get some traffic as previously described but DHCP clients still can't see the other side of the vpn. The wiki says that dhcp client address range should not cross into the range provided at the pptp setup screens for pptp clients - but I don't understand how, dhcp clients are supposed to communicate over the tunnels - if I'm reading the routing tables right there are 2 tunnels established under this setup - "ppp1" and "ppp0" and traffic between them isn't routed together but kept seperate - is this right? Can I bridge these tunnels together somehow? javascript:emoticon('Question')

LOCAL MACHINE:
"Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.4.200 * 255.255.255.255 UH 0 0 0 ppp1
192.168.2.1 * 255.255.255.255 UH 0 0 0 ppp0
192.168.4.0 * 255.255.255.0 U 0 0 0 br0
192.168.2.0 * 255.255.255.0 U 0 0 0 ppp0
72.224.176.0 * 255.255.248.0 U 0 0 0 vlan1
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default cpe-72-224-176- 0.0.0.0 UG 0 0 0 vlan1"

REMOTE MACHINE:
"Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.200 * 255.255.255.255 UH 0 0 0 ppp0
192.168.4.1 * 255.255.255.255 UH 0 0 0 ppp1
192.168.4.0 * 255.255.255.0 U 0 0 0 ppp1
192.168.2.0 * 255.255.255.0 U 0 0 0 br0
74.65.128.0 * 255.255.240.0 U 0 0 0 vlan1
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default cpe-74-65-128-1 0.0.0.0 UG 0 0 0 vlan1"


Question Question Question
dueport
DD-WRT Novice


Joined: 29 Sep 2006
Posts: 12

PostPosted: Mon Oct 02, 2006 19:03    Post subject: Reply with quote
SOLVED!

The client address range in the pptp server setup should be the SAME as your dhcp range - not different! The wiki is wrong it looks like - when I changed that range to match my dhcp range on both sides viola - things worked perfectly!

My only problem now is that it seems pptp is not passing netbios traffic.....any help on that?
Digidat
DD-WRT Novice


Joined: 01 Oct 2006
Posts: 14

PostPosted: Tue Oct 03, 2006 11:06    Post subject: still trying :) Reply with quote
Dueport,

I am still trying al different options I can find.
The problem is that my my brother in law (which has the VPN Client router B) is oing crazy because everytime I change one of the options I reboot the router and His internet connection is interupted Very Happy

Anyway, I have no knoledge of linux, but yes I figured out how to lookup the routing table on with the CLI and with me also the correct routes seem to be up and running (although the Browser routing table still has only 3 lines)

I found something on the forum which I am trying out now and I hope I have some news today and will report that back to you.
The option I am trying now is discribed here:
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=1633&highlight=pptp+client+incorrect+route
But now that I have seen your routing table you haven't changed your PPP0 to VLAN1 and you say that it is solved, so I have little hope now that my test option will make a difference (although it might works for your netbios question)

What I don't understand exactly is your sollution so far.
What WIKI means is that your router is a DHCP Server which gives the locally connected pc's a IPnr (this is setup in DD-WRT under Settup/Basic Setup)
In my case I have configured my VPN Server router A to give static IP adresses to the locally connected pc's (this is setup in DD-WRT under Administration/Services/DHCP Server)
The range I'm using for the static IPadresses are between 192.168.4.1 - 192.168.4.140
I also have setup 10 DHCP IPadresses which are between 192.168.4.141 - 192.168.4.150 (this is setup in DD-WRT under Settup/Basic Setup)
What I understand of WIKI is that I have to use an IPnr-range for the VPN clients that is outside my DHCP and STATIC IP range
In my case I have setup the IPnr range for the VPN clients to 192.168.4.151 - 192.168.4.160 (this is setup in DD-WRT under Administration/Services/PPTP)

Am I doing this wrong ??
Is your sollution to have the IP-range for the VPN-clients within the DHCP range (in my case for example to setup the VPN range to 192.168.4.141 - 192.168.4.145) ??

I will let you know tonight what my experience is with my PPP0 to VPN1 option
dueport
DD-WRT Novice


Joined: 29 Sep 2006
Posts: 12

PostPosted: Fri Oct 06, 2006 17:42    Post subject: Reply with quote
yep - if your dhcp client range and pptp client range are the same that shoud allow your normal dhcp clients to see dhcp clients on the other side of the tunnel as well - good luck!
Digidat
DD-WRT Novice


Joined: 01 Oct 2006
Posts: 14

PostPosted: Sun Oct 08, 2006 23:04    Post subject: Reply with quote
Hi Dueport,

An Update Smile

The option discribed in thread below didn't work for me, it didn't make any difference:
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=1633&highlight=pptp+client+incorrect+route

The option you mention unfortunatly didn't work for my either and in my case it made things worse, because I made the VPN Range exactly the same as the DHCP range, I noticed that the VPN Server Router gave away the same IPnr for the VPN Client as the DHCP gave away for a locally connected PC (the first IPnr in the range).

The thread that I am following now is:
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=1767&highlight=howto+point+point+vpn+pptp

This seems to work for me better, although the manually inputed route (as discribed in this thread) is gone once the router reboots
And also I can ping the client pc's only on their locally given IPnr's and not on the VPN Range IPnr's
Anyway I suspect that one of the routers or both has something wrong with the firmware, because I have had so many problems
So I will upload the firmware again, factory default and start again (just to make sure)
I think I have had a different problem than you although the symptoms were the same.

Thanks anyway for your help and I hope the VPN works for you now the way you want it to work Smile
Any tips and trics are still apreciated, since it is still not working for me the way I want it to be
Thanks and good luck !
gnassar
DD-WRT Novice


Joined: 22 Oct 2011
Posts: 3

PostPosted: Sat Oct 22, 2011 23:49    Post subject: Reply with quote
Hate to necropost, but extensive searching seems to indicate this is *still* unsolved, so...
Quote:

The client address range in the pptp server setup should be the SAME as your dhcp range - not different! The wiki is wrong it looks like - when I changed that range to match my dhcp range on both sides viola - things worked perfectly!


This actually did work for me to fix the problem. The client address range doesn't actually have to be identical to the DHCP range; it simply has to be within the DHCP range. I chose the last 10 IP addresses in my DHCP range, to minimize the chance of a collision -- obviously that doesn't make a collision impossible, so I'm thinking of making those last 10 IPs assigned via static DHCP to dummy clients that don't actually exist (e.g. 11:11:11:11:11:11 or whatever), so they don't get assigned by dnsmasq, and see if that works.

No idea *why* this works, of course... but at this point, I'll settle for it working.
Zetsubou
DD-WRT Novice


Joined: 02 Dec 2011
Posts: 1

PostPosted: Fri Dec 02, 2011 23:47    Post subject: Reply with quote
Another bit of a necropost here but this is actually a routing issue. While it would be nice if the GUI would automagically add a route for the bond0 port, it does not.

You may use any address range you wish for the VPN interface. After you configure the PPTP server, you'll need to manually add a route under Setup > Advanced Routing for the new address range on the bond0 port.

Here's an example:

DHCP Server IP: 192.168.1.1
DHCP Address Range: 192.168.1.2-192.168.1.254
VPN Server IP: 192.168.100.1
VPN Address Range: 192.168.100.2-192.168.100.254

For this configuration to work and route all traffic properly, you would need to have the following routes in your routing table:

Internal Network:
Destination LAN: 192.168.1.0
Subnet Mask: 255.255.255.0
Gateway Address: 192.168.1.1
Interface: LAN (or LAN & WLAN)

VPN Network:
Destination LAN: 192.168.100.0
Subnet Mask: 255.255.255.0
Gateway Address: 192.168.100.1
Interface: bond0 (or other bond interface, if present)

This will allow the router to route all traffic (except broadcast traffic) properly between the different subnets. Remember that this is a router and by design, it will prevent broadcast traffic from being broadcast between two different subnets.

I have no need for broadcast traffic, such as NetBIOS or Bonjour, so this configuration works fine for me. I've yet to delve into routing the broadcast traffic but it should be possible if DD-WRT supports it. I typically work with Cisco equipment so I'm not completely familiar with all the various commands and options available in this product.

Hope that helps!
pigeonx
DD-WRT Novice


Joined: 05 Jan 2012
Posts: 2

PostPosted: Thu Jan 05, 2012 5:10    Post subject: Reply with quote
Zetsubou,

do I need to add these settings to both routers?
pigeonx
DD-WRT Novice


Joined: 05 Jan 2012
Posts: 2

PostPosted: Thu Jan 05, 2012 5:23    Post subject: Reply with quote
I've been working on this for almost a week straight and can only get one way communication through VPN.

This is my setup...

ROUTER A (DHCP)
192.168.0.1
255.255.255.0

ROUTER A (VPN)
192.168.1.1
255.255.255.0

ROUTER B (DHCP)
192.168.89.1
255.255.255.0

I've tried all sorts of mixing settings. As of right now it is broken. I have had only a one-way communication B to A, but NEVER have I had A to B (ping).

Any help would be greatly appreciated.
sjjpo2002
DD-WRT Novice


Joined: 16 Aug 2014
Posts: 2

PostPosted: Sat Aug 16, 2014 6:09    Post subject: Reply with quote
I got this running finally. Here is the settings on my system:
===============
Router IP: 192.168.1.1
DHCP IP Range: 192.168.1.100-150
% Port forwarding%
VPN1 1723 TCP 192.168.1.1 1723 Enable
VPN2 1792 TCP 192.168.1.1 1792 Enable
====================
PPTP Server Enabled
Broadcast support Enabled
MPPE Encryption Enabled
DNS1: 192.168.1.1
WINS1: 192.168.1.1
Server IP: 192.168.1.2
Client IPs: 192.168.1.200-250
=================
The router is Linksys e1200 v1 with DD-WRT v24-sp2 (03/25/13) mini firmware. I tested it outside my network and the VPN service works just fine.
gnassar
DD-WRT Novice


Joined: 22 Oct 2011
Posts: 3

PostPosted: Mon Aug 18, 2014 13:21    Post subject: Reply with quote
3/25/13 should be r21061, I believe. This issue was definitely solved by then; I think it was solved as far back as at least the mid-15000s, but can't be certain. May be useful to narrow that the range of builds where this was broken.
numarkDM1050
DD-WRT Novice


Joined: 19 Feb 2015
Posts: 3

PostPosted: Thu Feb 19, 2015 21:22    Post subject: Reply with quote
Hello. I have a similar problem. I put NAS servers on the local network and pptp vpn to access it through wan. I can ping the server via WiFi and through the VPN, but can not ping it over the LAN.

Router Model TP-Link TL-WR740N v4
Firmware Version DD-WRT v24-sp2 (12/22/14) std - build 25697
Kernel Version Linux 3.10.63 #5353 Mon Dec 22 04:26:48 CET 2014 mips



C: \ Users \ TEST> ping 172.18.4.117

Pinging 172.18.4.117 with 32 bytes of data:
Reply from 172.18.4.9: Destination host unreachable.
Reply from 172.18.4.9: Destination host unreachable.
Reply from 172.18.4.9: Destination host unreachable.
Reply from 172.18.4.9: Destination host unreachable.

Ping statistics for 172.18.4.117:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss)



ping through wifi

C: \ Users \ TEST> ping 172.18.4.117

Pinging 172.18.4.117 with 32 bytes of data:
Reply from 172.18.4.117: bytes = 32 time = 1ms TTL = 64
Reply from 172.18.4.117: bytes = 32 time = 2ms TTL = 64
Reply from 172.18.4.117: bytes = 32 time = 1ms TTL = 64
Reply from 172.18.4.117: bytes = 32 time = 2ms TTL = 64

Ping statistics for 172.18.4.117:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 2ms, Average = 1ms
Goto page 1, 2  Next Display posts from previous:    Page 1 of 2
Post new topic   Reply to topic    DD-WRT Forum Index -> Generic Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum